Error: 400 :: urn:ietf:params:acme:error:dns :: During secondary validation: DNS problem

sekershell · February 8, 2021, 1:50pm

I have been getting dns error for about 10 hours, but there is no dns problem on my server. can you help me?

2021/02/08 01:02:07 [INFO] [ircsayfam.com, www.ircsayfam.com] acme: Obtaining SAN certificate
2021/02/08 01:02:08 [INFO] [ircsayfam.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/10686592941
2021/02/08 01:02:08 [INFO] [www.ircsayfam.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/10686592942
2021/02/08 01:02:08 [INFO] [ircsayfam.com] acme: Could not find solver for: tls-alpn-01
2021/02/08 01:02:08 [INFO] [ircsayfam.com] acme: use http-01 solver
2021/02/08 01:02:08 [INFO] [www.ircsayfam.com] acme: Could not find solver for: tls-alpn-01
2021/02/08 01:02:08 [INFO] [www.ircsayfam.com] acme: use http-01 solver
2021/02/08 01:02:08 [INFO] [ircsayfam.com] acme: Trying to solve HTTP-01
2021/02/08 01:02:41 [INFO] [www.ircsayfam.com] acme: Trying to solve HTTP-01
2021/02/08 01:03:25 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/10686592941
2021/02/08 01:03:25 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/10686592941
2021/02/08 01:03:26 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/10686592942
2021/02/08 01:03:26 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/10686592942
2021/02/08 01:03:26 Could not obtain certificates:
        error: one or more domains had a problem:
[ircsayfam.com] acme: error: 400 :: urn:ietf:params:acme:error:dns :: During secondary validation: DNS problem: query timed out looking up A for ircsayfam.com, url:
[www.ircsayfam.com] acme: error: 400 :: urn:ietf:params:acme:error:dns :: During secondary validation: DNS problem: SERVFAIL looking up A for www.ircsayfam.com - the domain's nameservers may be malfunctioning, url:
Certificate generation failed.
2021/02/08 01:03:43 [INFO] [kafadarsohbet.net, www.kafadarsohbet.net] acme: Obtaining SAN certificate
2021/02/08 01:03:44 [INFO] [kafadarsohbet.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/10686620571
2021/02/08 01:03:44 [INFO] [www.kafadarsohbet.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/10686620575
2021/02/08 01:03:44 [INFO] [kafadarsohbet.net] acme: Could not find solver for: tls-alpn-01
2021/02/08 01:03:44 [INFO] [kafadarsohbet.net] acme: use http-01 solver
2021/02/08 01:03:44 [INFO] [www.kafadarsohbet.net] acme: Could not find solver for: tls-alpn-01
2021/02/08 01:03:44 [INFO] [www.kafadarsohbet.net] acme: use http-01 solver
2021/02/08 01:03:44 [INFO] [kafadarsohbet.net] acme: Trying to solve HTTP-01
2021/02/08 01:04:16 [INFO] [www.kafadarsohbet.net] acme: Trying to solve HTTP-01
2021/02/08 01:05:01 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/10686620571
2021/02/08 01:05:01 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/10686620571
2021/02/08 01:05:01 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/10686620575
2021/02/08 01:05:02 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/10686620575
2021/02/08 01:05:02 Could not obtain certificates:
        error: one or more domains had a problem:
[kafadarsohbet.net] acme: error: 400 :: urn:ietf:params:acme:error:dns :: During secondary validation: DNS problem: SERVFAIL looking up A for kafadarsohbet.net - the domain's nameservers may be malfunctioning, url:
[www.kafadarsohbet.net] acme: error: 400 :: urn:ietf:params:acme:error:dns :: During secondary validation: DNS problem: query timed out looking up A for www.kafadarsohbet.net, url:
Certificate generation failed.

alfa · February 8, 2021, 11:38pm

hey

MASTER DCV: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (During secondary validation: DNS problem: SERVFAIL looking up A for ankaraokey.org - the domain's nameservers may be malfunctioning) 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (During secondary validation: DNS problem: SERVFAIL looking up TXT for _acme-challenge.ankaraokey.org - the domain's nameservers may be malfunctioning)

I am having the same problem. What can be the problem?

jillian · February 9, 2021, 12:29am

Thanks for posting this output and bringing it to our attention. The Let's Encrypt team is looking at our secondary validation servers for problems. We've opened a status page and will post updates there.

https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/6021d6b0387c0e053a136168

alanjaweb · February 9, 2021, 9:34am

Yes I have the same problem.

[alanyaweb.net] acme: error: 400 :: urn:ietf:params:acme:error:dns :: During secondary validation: DNS problem: 
SERVFAIL looking up A for alanyaweb.net - the domain's nameservers may be malfunctioning,
url:[[www.alanyaweb.net](http://www.alanyaweb.net)] 
acme: error: 400 :: urn:ietf:params:acme:error:dns :: 
During secondary validation: 
DNS problem: SERVFAIL looking up A for [www.alanyaweb.net](http://www.alanyaweb.net) - the domain's nameservers may be malfunctioning, url:
Certificate generation failed.

sekershell · February 9, 2021, 12:52pm

We cannot get SSL in any way, I wonder if there is a way to get it

jsha · February 10, 2021, 1:10am

Hi @sekershell,

Are you the DNS host for all the affected domains? We're wondering if there may be a connectivity problem between our secondary validation viewpoints (in AWS EC2) and your nameservers. Are you able to reach AWS hosts from your nameservers? Do you have any firewall rules that might be blocking access from EC2?

sekershell · February 10, 2021, 11:57am

Your hands look healthier.

I wish you good work.

petercooperjr · February 10, 2021, 2:37pm

I have to say I'm curious if it's related to AWS's recent implementation of RPKI. Probably completely unrelated, though.

jsha · February 11, 2021, 8:41pm

I'm taking this to mean "your servers look healthier." Is that accurate?

I checked some of the involved hostnames in crt.sh and found they had successful issuances yesterday, so the issue seems resolved. We currently believe this was a temporary reachability issue between our secondary validation viewpoints and sekershell's hosts, and did not impact other hosts as far as we can tell. We've closed out the statusio.

system · March 13, 2021, 8:41pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOM AIN looking up A for Help	8	7561	March 15, 2021
Acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for freephotoshopskills.com Help	3	17870	April 14, 2020
Problems to get SSL Help	11	2130	March 26, 2021
Error urn:ietf:params:acme:error:dns Help	13	6604	January 21, 2022
Acme: error code 400 Help	5	7325	October 16, 2020

Error: 400 :: urn:ietf:params:acme:error:dns :: During secondary validation: DNS problem

Related topics